Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes with an update to the news we discussed last weekend that a Windows 7 utility seemed to contain GPL code:
"Microsoft has confirmed that the Windows 7 USB/DVD tool did, in fact, use GPL code, and they have agreed to release the tool's source code under the terms of GPLv2. In a statement, Microsoft said creation of the tool had been contracted out to a third party and apologized for not noticing the GPL code during a code review."

The Y2012 bug is exaggerated. There isn't much Mayan code in reality and what's there probably won't generate any irrecoverable errors. Besides if there were going to be problems, we'd see systems that depended on dates after 2012 failing now. You'd see things like extremely unlikely coincidences and bizarre flukes of fate. Since we don't see th%@HG%#@%YG@$^[CARRIER LOST]

The New Age spiritually aware around the world are running up against the end of the Mayan Long Count Calendar [today.com]. Mayan date 12.19.19.17.19 will occur on December 20, 2012, followed by the start of the fourteenth cycle, 13.0.0.0.0, on December 21st.

The event was first flagged by megalith scientist Terence McKenna. The end of the thirteenth cycle would break many megalith calculations — which conventionally use only the last four numbers to save on standing stones — with fears of spiritual collapse, disruption of ley lines, Ben Goldacre driving the chiropractors back into the sea and the return of the great god Quetzalcoatl and the consequent destruction of all life on earth.

Megalith programmers from 4000 years ago are being dredged up from peat bogs and pressed into service to get the henges updated to handle the turnover in the date. “It could be worse,” said one. “I could still be programming COBOL.”

Sceptics may choose the Winter Solstice on December 22nd (13.0.0.0.1) to attack, to take advantage of weakened qi. In case vital services are temporarily cut off, spiritually aware persons should stock up on crystals, copies of Sun Signs, a duly blessed tarot deck and other essentials. “They should get as well a suitable selection of blessed Hopi ear candles,” said Y2012 consultant Ravenwoo Granola, DD, 31, Ph.D (Univ. P.T. Barnum Mail-Order), “unicorn posters, holistic medicines, Silver RavenWolf books, purple clothing, protective pentacles — earrings for the ladies, pendants for the gents — make sure the house is absolutely robust in feng shui, your energetic vibrations are aligned and your Eostre rituals are up to date and keep only homeopathic quantities of money around. I’ll be happy to take on the danger of handling the rest. Here’s a price list. Everyfink for the spiritual survivalist.”

Others dismiss the problem. Sandra Noble of the Foundation for the Advancement of Mesoamerican Studies considers the Y2012 problem “a complete fabrication and a chance for a lot of people to cash in.” However, Y2012 consultants deride “2012-deniers” for having their heads in the sand as to the vast and overwhelming spiritual importance to humanity of keeping their consultancies rolling.

Luckily, now to the GPL cancer properties, MS has to make all of windows GPL right? I mean, this is what they have been warning would happen to people's code if the GPL tainted it right? Or am I off my rocker? ~;-)

And I was marked troll [slashdot.org] and ridiculed [slashdot.org] for saying that this is what they are obliged to do. From the bottom of my heart, fuck you slashdot. Also just disregard the mod points on the post, look at the amount of people responding without even thinking twice about what they are writing. There is no space here for truth, only hormones of feeble minded fools. And the "mods", being us who receive mod points to classify the value of information in posts, are no better in doing the job anymore than the rest of you. Slashdot is the fundamental definition of "defective by design", and you'll come to notice that only the idiots stay longer than average. This is my last post, and I truly hope nobody cares as that would prove it being the outmost right decision to take.

Oh and before you respond to this in some sad attempt of ridicule such as "cry me a river" or any other internet meme which has already been done close to an infinite amount of time, know that I won't be here to read it. So knowing that you may go ahead and waste your time.

Indeed. I applaud them for swiftly and appropriately handling the problem- to the point of taking the high-road for a change and offering the changed source code up instead of simply pulling it all out.

It doesn't make up for what they've done over the years (and apparently still doing...sadly...) but it's a good start in the right direction.

It's the integrity of how they handled the situation... someone pointed out the possible GPL violation... they pull the tool and let everyone know they're looking into it... then they announce they've looked into it and as a result, they're going to release the source code in accordance with the GPL, something MS would rather not do, to honor the licence, and the community need for the tool.

Dude, step away from the crack pipe. Win2K is being supported until next year, that's a decade of support. XP? 2014 which equals 13 YEARS. And it ain't like it is gonna just stop working when the time is up. oh and my ancient MS Office 2K works just fine on Windows 7 x64. So it isn't like you gotta jump on the latest and greatest if you don't want to.

And now look at yourself. I mean here MSFT is, admitting the vendor they bought the software from fucked up, manning up to it and giving up the code like the

Instead they built themselves a 1st party case study in how the GPL is a virus that forces companies to give up their intellectual property.

Or, alternatively, also based on no evidence at all, they were embarrassed to find that they had shipped a product with GPL code in it, and in a sudden outbreak of common sense figured they had nothing to lose and released the code.

If you worked at Microsoft, you'd know that it takes patience and time away from the horrific workload and schedules to code review every third-party thing that came through the door. When I worked at Microsoft, our vendor routinely used code they weren't supposed to EVEN THOUGH it was in their contract not to. I would sometimes come across a bug somewhere and I'd find something stolen off the net, and I'd have to pull it and reprimand the vendor, and then get them to do the work and pay them for it again.
It's easy to sit at your computer desk and pontificate about how MS is trying to pull a fast one on everyone. Shit, if you only knew how ingrained in the culture it is to homegrow everything, and steal nothing. Very strong corporate policies there at MS, and everyone is subject to disciplinary action if you've intentionally tried to pull a fast one in one way shape or form.
Trust me, the Program Manager who owns that tool is shitting in his/her pants, as it's going on their performance review for not tightening up on code quality. From my experience there, MS takes this shit seriously.

I'd find something stolen off the net, and I'd have to pull it and reprimand the vendor, and then get them to do the work and pay them for it again.

Wait, what? The contract forbade the vendor from using stolen code, but didn't provide Microsoft any financial remedy when this behavior was discovered? Not only should you not have had to pay them to do the work again, the vendor should have made financial concessions.

The reason why I am asking is so that I can get a feel for the validity of your statement about the coding culture amongst people working for Microsoft.

There are very few things you need to know here. Programmers for Microsoft:

Wanted to work for Microsoft

Convinced some people at Microsoft they would play along with their game

Survived the spinup to the Microsoft programming culture

Deliver the products you've come to expect

Whether your interest is as a prospective buyer of their output of a prospective employer of a former Microsoft programmer, the choice is clear. Microsoft carefully selects their programmers from the brightest and the best because they can. They filter for the folks who can coexist with them because they must. They drive them with the processes that they have. The programmers deliver what they can in this context and accept the limitations of the context as a condition of employment. Having survived this experience a programmer must necessarily have certain properties which, depending on your point of view, mark him "desirable" or "undesirable".

Well exactly. In this case Microsoft paid for what they believed was closed source code, it was a third party vendor that broke the GPL, but because Microsoft released the executable, well they're responsible.

Which raises a question - how do you check these things? If the vendor cut and pasted code in, and removed comments that identified its source and the source's licensing agreement how do you spot this? It's not feasible to download every single open source project and start a diff against every single file they contain, so how do you do it?

"If it was actually part of Windows 7 i think there would have been a much bigger fuss!"

If it was actually part of Windows Microsoft would probably do a quadruple check to see if they don't have any infringing code in their operating system and ofcourse there would be extra emphasis on OSS licenses like the GPL because if the infriging code was from another company, the company would only be interested in a big sum of cash. If there is GPL code in Windows, the FSF would probably start a case that would be r

If there is GPL code in Windows, the FSF would probably start a case that would be revolutionary in the computer world since it could mean opensourcing Windows.

No, let me repeat this once more.

The author was entitled to compensation for the illegal distribution of his code, and he could demand that Microsoft stopped distributing it. That's it. (Well, there are harsher penalties for copyright infringement, including jail time, but they wouldn't apply in this case.)

Microsoft instead CHOSE to accept the GPL license for that particular code (they obviously hadn't accepted the license before, since they weren't even aware that it applied). They are either using the GPLv3 infringement remediation clauses or just hoping that the author will reinstate their license. But that was a CHOICE they made. They could have just paid up and had someone replace the GPL code with proprietary code.

If it turned out that GPL code was spread throughout Windows (highly unlikely, I'd think), they would almost certainly prefer to pay up rather than make Windows Free Software.

They do - why do you think big companies use their patent portfolios as a THREAT rather than use them? If the examiner had done their job I am betting nowhere NEAR as many software patents would be granted as have been.

Question: how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

Question: how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

It's called MOSS [stanford.edu]. Free for educational use, though a company like Microsoft would need a site license, but it would probably pay for itself when you factor in the money paid to PR firms to compensate for blunders like this.

I mean, I don't think anyone seriously thinks MS intended to steal GPL code. But if you have subcontractors writing shitty code, and you're forced to acknowledge this publicly, that have a very real cost - it undermimes your image as a respectable software company.

Give some credit, they did a code review, noticed the accusation was factual and did the right thing. As many times as microsoft has done the wrong thing, it's only right to credit them for doing the right thing this time.

The interesting question now is if they will retain this tool going forward, or replace it with another that is not GPL'd. It certainly sounds like an accident, so I am curious if good production code has any chance of trumping internal politics.

The interesting question now is if they will retain this tool going forward, or replace it with another that is not GPL'd. It certainly sounds like an accident, so I am curious if good production code has any chance of trumping internal politics.

If we think of them a little bit as a company and not the anti-RMS, why would they bother now? They're complying, the tool works.... what's the business case? Big companies like to use open source when it's to their advantage. like one vendor I'm familiar with, they are now pushing Linux, Tomcat and many open standards but they're very clearly closed source on top.

I predicted that they'd just need to make minor corrective action [slashdot.org]. Looks to me like that's exactly what happened. A replier to that post noted that as a prominent member of the Business Software Alliance, Microsoft would need to act above board and that this, if true, could be a serious problem. My take is that they just did that with this choice a mere week or so after the GPL code came to light.

So it appears to me that we're both right. Microsoft didn't need to fix much, but due to their leading position in an anti-piracy lobbying group, they needed to fix it quickly.

I wouldn't want to be the consulting company that provided Microsoft with this code. They're in some deep doo-doo now. Unfortunately, a lot of engineers are so clueless about licensing, as are their managers, that it is really possible that the person who did this didn't know it was a problem.

But this is not anything new for Microsoft. Microsoft started contributing to GCC around 10 years ago, for the former Unix services product. And this really serves their purpose if they are trying to scare people away from the GPL. "Microsoft forced to give up source code."

Where they are really hurting us now is in government policy and patented technology in interoperability facilities. Like the European Interoperability Framework going proprietary, and the MS-patented filesystem in next-generation FLASH devices. Consider stuff like that before you decide they are a "good citizen".

I don't buy that excuse. I write code. I don't have to understand the intricate licensing law to know when I've included code that I didn't write. It doesn't take a genius level IQ to know that when I do that (use code I didn't write) I need to tell the person who hired me to write code. Once that happens, it is the responsibility of a manager to find out the licensing issues.

Yes. But you'd be shocked at the testimony I read, as an expert witness, from engineers and their managers. Incompetence is rampant. Unfortunately, the cases are settled and sealed, so I can't show you.

More to the point, as a software engineer, or code monkey, or code master, whatever, you should be well aware that if it's code you didn't write, don't use it until you're clear as to the ramifications.

I avoid using any example code I see unless I can understand it and there's a clear statement of "Hey, this is example code, by writing this tutorial, we kind of expect you'll be making a derivative of it."

Treating GPL-licensed code (or some open source license) under the same regard is poor thinking. Passing

If I recall correctly, MS at one point tried to say that, if something like this happened, you'd have to release all your source code. Now we find that MS knows that you only have to release the source code of the program in question. Big difference. (Of course, if this was in Windows itself, the difference would not matter much to MS...)

Nope; Actually I hope "some loon" specifically and in a court of law demands that Microsoft release "all their code". Trust me, Microsoft will loudly and clearly and successfully defend themselves, creating a very clear answer to all the people trying to claim that the GPL forces you to do such a thing.

If I recall correctly, MS at one point tried to say that, if something like this happened, you'd have to release all your source code. Now we find that MS knows that you only have to release the source code of the program in question. Big difference.

I don't believe that's correct. You need to stop infringing the copyright - that means either obey the terms of the license or stop distributing (and deal with the consequences of the limited distribution you already made).

I hope this doesn't help the bogus 'GPL is dangerous, an outside contractor can make you reveal your code' meme to spread.

And if the program in question happened to be MS Word? Then they'd have had a big problem. Of course, they probably don't let outside companies contribute code to Word, but this still works as good PR from Microsoft's point of view. They had to release the code for a fairly unimportant tool that they got a third party to write and they got to point to this as an example of the GPL forcing a big company to release their code. ('if even Microsoft is forced to release their code by the GPL then we'd better

And if the program in question happened to be MS Word? Then they'd have had a big problem. Of course, they probably don't let outside companies contribute code to Word, but this still works as good PR from Microsoft's point of view. They had to release the code for a fairly unimportant tool that they got a third party to write and they got to point to this as an example of the GPL forcing a big company to release their code. ('if even Microsoft is forced to release their code by the GPL then we'd better mak

and 'Microsoft did that', I think some people forget how big the company is. Yes, the top brass are ultimately and formally responsible for everything the company does, and they set the tone. But its not like its possible for everything that any peon decides to do can get reviewed by a single central authority. This applies, for example, to stupid patents.

The same principle applies to stupid things done by any national government.

That's all that need be said. Microsoft realised it was in the wrong, and took steps to correct it. They didn't stonewall, they didn't hide. I must admit to being pleasantly surprised. Microsoft themselves place great importance on respecting software licenses/copyright, and it's nice to see them practice when it comes to other people's copyrights.

Why is Microsoft farming out the programming of a relatively simple tool when they have 10s of thousands of programmers and consultants on their payroll? Issues like this are exactly why you shouldn't outsource work when you already have employees that could do the job.

You answered your own question -- it's a "relatively simple tool". The tool has relatively little value-add or innovation compared to their other work. They'd rather spend their employees' time on developing software more core to their business.

The fact that this particular utility isn't particularly core to their business or seen as critically valueable or innovative is evidenced by the quick turnaround in releasing the source code. It's so far from their core business that it's just not worth their dev

DUH! Easier to gain forgiveness than permission. We know Microsoft knows that well. There was always a chance nobody would notice. It makes me wonder how much other GPL code they've ripped off over the years without getting caught.

Actually, that is only one possible way to get to use the GPL code. The other way is to contact the owner of the code in question, and obtain permission to use the code in question. This often means the exchange of a sum of money for permission to use the code in your product without having to release your derived code. I'm sure this happens often enough, and is a fairly easy way to settle a GPL violation, plus gives the original coder some cash.

I can't decide if you're trolling, or naive. Microsoft needs no permission to use GPL'd stuff. Neither does anyone else. It's a copy left. EVERYONE HAS THE RIGHT TO USE IT!! There are a few restrictions on giving credit to the owners, releasing source, etc - but they are ALLOWED TO USE IT.

I can't imagine any individual, corporation, group, or consortium who might be denied the right to use GPL code, AS LONG AS they abide by the terms of the license.

By releasing (or making available) the source code, and giving proper credit to the authors, MS complies with the terms of the GPL license.

The main tool out there to do that is from Black Duck, and it's an unmitigated piece of trash that is designed for the sole purpose of scamming stupid CTOs and CEOs.

Their piece of crap database isn't even audited, so it attributes tons of code to people who stole it themselves and lists it under the wrong license. Then, if that wasn't enough, it produces so many false positives that anybody tasked with running it sets it up just enough to appease their incompetent boss while routing the results directly to

Yes, I cant tell that the MS ninja assassin squad has been dispatched already. I just heard them running over our building's roof. I know they are the MS ninjas because they are the only ninjas in Redmond that wear giant clown shoes.

Vista probably cost them billions of dollars in revenue because, had they released a sooner, higher quality OS as their schedule initially dictated, their sales wouldn't have suffered. Not only that, but they'd have had two additional OS releases before Windows 7, or a global recession hurting their first decent OS release in nearly a decade.

Though if you think Microsoft executives seriously looked around the table and laughed at how they fooled everyone releasing a crappy product, I don't know if anything will convince you that you're wrong.

I'm sorry but this is just incredibly stupid. Are you telling me they purposely put GPL code into their code with the express intent of being caught?! Or that they wasted I don't know how many billions of dollars and took bad PR on Vista so that they could wow the world with Windows 7?! Then we have the troll-moderators going down the list looking for anything anti-Microsoft in the discussion to mod up. Lovely, you guys really do a lot for Slashdot's continued reputation.

a USB/DVD burning tool could hardly be analogized to an accelerator system in a car.

It'd be more equivalent to... I don't know... a cigarette lighter or something. This is just a utility that MS released to help people be able to burn a Windows 7 iso onto USB/DVD. Especially for use in netbooks and the like, I suppose.

This is just a utility that MS released to help people be able to burn a Windows 7 iso onto USB/DVD.

From the Annals of Just Another Utility...

By the time you add the 1001 "tools" that Microsoft offers (tools tucked away on an installation CD, in the various Resource Kits, the Sysinternals collection, etc.), and then add any number of "must have" third-party tools just so you can have a system that does more than open a file or web browser, you might as well have installed Linux distro or FreeBSD and had bo

If they didn't release the code then I'd say that a good old fashioned crucifixion would be in order but as it is, there's no real reason to hit them any more. The code is free like it should have been and that's that.In so far as a double standard, I think it would be far more sensible to advocate for sane copyright reform rather than resorting to the same tactics the RIAA and MPAA use.

What if it WAS a mistake? What if Microsoft didn't check the code/programmer claimed it wasn't GPL/whatever?

Because if it was a mistake, they appeared to have been doing the right thing. Furthermore, they weren't even selling this, nor was anyone else. If anything, it was a violation of GPL not copyright stuff.

I had no idea GPL people were so like the RIAA that they would want to "crucify" a company for possibly accidentally using (stealing? slashdot will call using GPL code against GPL license [and giving the result away for free]"stealing" but slashdot won't call downloading songs/movies stealing?) open source code without releasing the resulting open source. Sounds... very progressive. Encourages people to use GPL. "Hey, use our free software and code! It's great! Use it however you want! But if you don't follow the GPL you are a horrible, horrible company, even worse than people that illegally download copyrighted materials."

I like open source and GPL and all that. I also enjoy MS products. And I don't like double standards. If they knowingly took GPL code, that's bad. I don't like "guilty until proven innocent" nor comparisons of copyright to GPL...

What if it WAS a mistake? What if Microsoft didn't check the code/programmer claimed it wasn't GPL/whatever?

Well, they should have. It's a generally very bad idea to release software containing somebody else's code without permission.

Try to pull that off with MS code and see how well that goes.

Because if it was a mistake, they appeared to have been doing the right thing. Furthermore, they weren't even selling this, nor was anyone else. If anything, it was a violation of GPL not copyright stuff.

"I had no idea GPL people were so like the RIAA that they would want to "crucify" a company for possibly accidentally using (stealing? slashdot will call using GPL code against GPL license [and giving the result away for free]"stealing" but slashdot won't call downloading songs/movies stealing?) open source code without releasing the resulting open source. Sounds... very progressive. "

I had no idea GPL people were so like the RIAA that they would want to "crucify" a company for possibly accidentally using (stealing? slashdot will call using GPL code against GPL license [and giving the result away for free]"stealing" but slashdot won't call downloading songs/movies stealing?) open source code without releasing the resulting open source. Sounds... very progressive. Encourages people to use GPL. "Hey, use our free software and code! It's great! Use it however you want! But if you don't fol

What remedy does the GPL call for? As I understand it, it is to either release source or stop distributing. MS handled this error correctly. Calling for stronger sanctions would just drive more people away from GPL'd software.

Except the whole point of the GPL is to make source open, not to bring in cash. Usually, people in favor of the GPL prefer having the source code and settle on that than settling on money. As someone mentionned already, if you start sueing people who use the GPL by accident, and ask for money instead of source code, you'll just prove that people who called the GPL a "virus" were right.

Your ISP got a letter from RIAA or MPAA asking that they tell you to stop it, or turn over your name and address. Your ISP, knowing that BitTorrent also takes a lot of bandwidth anyway, shut you down temporarily and (though they don't honestly care) asked you to delete the file and (they do care about this) never run BitTorrent again. You complied, so MPAA/RIAA and your ISP both win.

If you saw them openly killing Windows and framing in a commercialized version of their own version of WINE sitting atop, say Ubuntu or Fedora/Red Hat... THEN there'd be orders placed for snowplows and thermal underwear to end all orders for it.